<?php
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect: ');
  }
mysql_select_db("test", $con);

if(!get_magic_quotes_gpc())
{
	$u=mysql_real_escape_string(trim($_GET["u"]));
	$p=mysql_real_escape_string(trim($_GET["p"]));
	$f=mysql_real_escape_string(trim($_GET["f"]));
	$t=mysql_real_escape_string($_GET["t"]);
	$h=$_GET["h"];
	$w=$_GET["w"];
	$s=$_GET["s"];
}
else
{
	$u=trim($_GET["u"]);
	$p=trim($_GET["p"]);
	$f=trim($_GET["f"]);
	$t=$_GET["t"];
	$h=$_GET["h"];
	$w=$_GET["w"];
	$s=$_GET["s"];
}


$auth=mysql_query("SELECT * FROM users WHERE users.user='$u' AND users.passwd='$p'");
if(mysql_num_rows($auth)==1)
{
	if($s==0)
	$temp20="UPDATE users SET users.online=0 WHERE users.user='$u' AND users.passwd='$p'";
	else if($s==1)
	$temp20="UPDATE users SET users.online=1 WHERE users.user='$u' AND users.passwd='$p'";
	else if($s==2)
	$temp20="UPDATE users SET users.online=2 WHERE users.user='$u' AND users.passwd='$p'";	
	else if($s==3)
	$temp20="UPDATE users SET users.online=3 WHERE users.user='$u' AND users.passwd='$p'";	
	
	$sql20=mysql_query($temp20);
		
	if(strlen($f)==0 && strlen($t)==0 && $w==0)
	{
		$temp13="UPDATE users SET users.typing=0 WHERE users.user='$u' AND users.passwd='$p'";
		$sqltmp=mysql_query($temp13);
		$temp1 = "SELECT * FROM users WHERE users.online>=1 AND users.user<>'$u' ORDER BY users.user ASC";
		$sql=mysql_query($temp1);
		while($row = mysql_fetch_array($sql))
		{
			if($row['online']==1)
			{
			 $response.='
			 <div onclick="chat(this.id);"  onmouseover=this.className="achatlistselected" onmouseout=this.className="achatlist" class="achatlist" id="'. $row['user'] . '"><img class="status" src="online.gif">' . $row['user'] . '</div>';
			}
			else if($row['online']==2)
			{
			 $response.='
			 <div onclick="chat(this.id);"  onmouseover=this.className="cchatlistselected" onmouseout=this.className="cchatlist" class="cchatlist" id="'. $row['user'] . '"><img class="status" src="busy.gif">' . $row['user'] . '</div>';
			}
			else if($row['online']==3)
			{
			 $response.='
			 <div onclick="chat(this.id);"  onmouseover=this.className="dchatlistselected" onmouseout=this.className="dchatlist" class="dchatlist" id="'. $row['user'] . '"><img class="status" src="away.gif">' . $row['user'] . '</div>';
			}
		}
	
		$temp2 = "SELECT * FROM users WHERE users.online=0 AND users.user<>'$u' ORDER BY users.user ASC";
		$sql=mysql_query($temp2);
		while($row = mysql_fetch_array($sql))
		{
			 $response.='
			 <div onclick="chat(this.id);" online="0" onmouseover=this.className="bchatlistselected" onmouseout=this.className="bchatlist" class="bchatlist" id="'. $row['user'] . '"><img class="status" src="offline.gif">' . $row['user'] . '</div>';
		}
		$response="#userlist#".$response;
		echo $response;
	}
	else if(strlen($f)==0&& strlen($t)==0 && $w==1)
	{
		$temp10="UPDATE users SET users.typing=1 WHERE users.user='$u' AND users.passwd='$p'";
		$sqltmp=mysql_query($temp10);
		$response="#".$u."#typing";
		echo $response;
	}
	else if(strlen($f)>0 && strlen($t)==0 && $w==2)
	{
		$temp14="SELECT * FROM users WHERE users.user='$f'";
		$sql=mysql_query($temp14);
		$row = mysql_fetch_array($sql);
		if($row["typing"]==1)
		{
			$response="#".$u."#typing";
			echo $response;
		}
		else
		{
			$response="#".$u."#nottyping";
			echo $response;
		}
	}
	else if(strlen($f)>0 && strlen($t)>0)
	{
		$temp3="SELECT * FROM users WHERE users.user='$f'";
		$sql=mysql_query($temp3);
		if(mysql_num_rows($sql)==1)
		{
			$temp4="INSERT INTO comm (user,friend,text,readd) VALUES ('$u','$f','$t','0')";
			$sql=mysql_query($temp4);
			$response="#chatadded#".$f;
			echo $response;
		}
		else
		{
			$response="Your friend does not exist.";
			
		}
	}
	else if((strlen($f)>0 || $f=="all") && (strlen($t)==0))
	{
		if($h==0)
		{
			$temp5="SELECT * FROM comm WHERE comm.friend='$u' AND comm.readd=0 ORDER BY comm.time ASC";
			$sql=mysql_query($temp5);
			if(mysql_num_rows($sql)==1)
			{
				$temp11="UPDATE users SET users.typing=0 WHERE users.user='$u' AND users.passwd='$p'";
				$sqltmp=mysql_query($temp11);
				$row=mysql_fetch_array($sql);
				$response = addslashes($row['text']);
				$id=$row['time'];
				$temp6="UPDATE comm SET comm.readd=1 WHERE comm.time='$id'";
				$sql=mysql_query($temp6);
				$response = "#msg#".$row['user']."#".stripslashes($response);
				echo $response;
			}
			else if(mysql_num_rows($sql)>1)
			{
				for($i=0;$i<mysql_num_rows($sql);$i++)
				{
					if($i>0)
					{
						$row = mysql_fetch_array($sql);
						$response .= "<br><b>".$row['user'].": </b>".$row['text'];
					}
					else if($i==0)
					{
						$row = mysql_fetch_array($sql);
						$response .= $row['text'];
					}
				}
				
				$temp7="SELECT * FROM comm WHERE comm.friend='$u' AND comm.readd=0 ORDER BY comm.time ASC";
				$sql=mysql_query($temp7);
				while($row=mysql_fetch_array($sql))
				{
					$tmptext=$row['text'];
					$tmpid=$row['time'];
					$temp8="UPDATE comm SET comm.readd=1 WHERE comm.time='$tmpid'";
					$sql1=mysql_query($temp8);
				}
				
				$temp12="UPDATE users SET users.typing=0 WHERE users.user='$u' AND users.passwd='$p'";
				$sqltmp=mysql_query($temp12);
				$response="#msg#".$row['user']."#".$response;
				echo $response;
			}
		}
		elseif($h==1)
		{
			$temp9="SELECT * FROM comm WHERE comm.user='$u' AND comm.friend='$f' UNION ALL SELECT * FROM comm WHERE comm.user='$f' AND comm.friend='$u' ORDER BY 5";
			$sql=mysql_query($temp9);
			while($row = mysql_fetch_array($sql))
			{
				$response .= "<b>".$row['user'].": </b>".$row['text']."<br>";
			}
			$response="#history#".$response;
			echo $response;
		}
		else
		{
			$response="#error";
			echo $response;
		}
	}
	else
	{
		$response="#error";
		echo $response;
	}
}
else
{
	$response="#error";
	echo $response;
}
?>